fichtner
commented
3 years ago There is no format for ICMP. It's plain IP type.
Closed colttt closed 3 years ago
fichtner
commented
3 years ago There is no format for ICMP. It's plain IP type.
fichtner
commented
3 years ago For further reference: https://github.com/opnsense/ports/blob/master/opnsense/filterlog/files/description.txt
colttt
commented
3 years ago sorry but its still unclear to me how the format of ICMP is, an example:
94,,,0,ix0_vlan30,match,pass,out,4,0x0,,58,0,0,DF,1,icmp,84,34.84.xxx.abc,194.94.xyz.abc,datalength=64can somebody tell me which is what!?
fichtner
commented
3 years ago [IPv4] format as per the previous link. It's really not rocket science:
94 , , , 0 ,ix0_vlan30, match , pass , out, 4 , 0x0, , 58 , 0 , 0 , DF , 1 , icmp , 84 , 34.84.xxx.abc, 194.94.xyz.abc, datalength=64
rulenr, subrulenr, anchorname, label | "0", interface, reason, action, dir, ipversion, tos, ecn, ttl, id, offset, flags, protonum, protoname, length, src , dstdatalength=64 is some arcane addition that I haven't removed from filterlog yet. It has a number of magic things that it returns depending on the parsing type that have never been documented and only happen in fringe cases.
Hello, there is no documentation about the filterlog format, just ports/opnsense/filterlog/files/description.txt , but there is the ICMP format missing.
It would be nice if you add the information about the format in the documentation